Support » Plugin: Quick Page/Post Redirect Plugin » possibly malicious code?

  • Nico Martin


    Hi there

    I found a few worrying bits of code on a client’s instance.
    He had version 5.2.3 of “Quick Page/Post Redirect” installed. But neither in the plugin repo nor in the SVN did I find a corresponding version. My first thought was that it must be an external attack.
    However, the code in question made the following call (when requestet as the googlebot) and placed the content received in front of the_content:[host]/

    What I find quite worrying is that the content is dependent on the user agent. So the links are only loaded when the call is made by the Googlebot. This makes it quite difficult to identify.

    Since belongs to the developer of the plugin, I wonder if this is malicious code deliberately smuggled in to earn a few dollars via a search engine network.

    @anadnet , could I get a statement from you on that?

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.